Tips to avoid falling for a phishing email

‍

LACRM has many measures in place to protect your data that you can learn about here. We take care of CRM security on our end—but one key to your account security in your control is your email. If someone gains access to your inbox, they can reset passwords and take over accounts across the web.

While we’ve all heard of phishing emails, they continue because a high enough percentage of people are still clicking on them and entering in their credentials. But in the spirit of today’s newsletter, I want to focus on the human side of things. What emotions are phishing scams preying on?

1. Urgency: Ever seen a spam email that says something along the lines of “you need to click this link ASAP or else a catastrophe will happen.” Even if you know logically to watch out for phishing emails, phishing emails try to scare you into acting before thinking. Very few emails are actually so desperately urgent that you can’t take 30 seconds to take a breath and think through whether this makes sense.
2. Respect: This one might sound a little strange at first. If you are a small business owner, be sure to tell anyone on your team that another common emotion they should watch out for—your team’s respect for the chain of command and for your authority might get them to click on a phishing email that appears to be from you, their boss. Make sure to inform your team that if they have any doubts that an email or text is from you, they should speak to you directly about it before responding.
3. Stress: It’s easy to make mistakes when you are stressed or overwhelmed. If you are finding yourself stressed out—take a breath or a step away from your computer if possible. It’s better to take a beat now, rather than deal with the consequences of a phishing mess later on.

While it’s always a good idea to brush up on the latest ways to spot  phishing attacks, don’t forget the underlying emotions that cause people to fall for phishing emails in the first place. Take a breath before responding to that supposedly urgent email!

Now that we’ve covered the emotional side of things, here are a few concrete things you should look out for in your inbox:

1. Check the sender address: Who is the sender? Is it a legitimate email address, or is this email being sent from a strange domain? If the domain doesn’t match the company they are supposedly writing from, steer clear.
2. Suspicious links: If you hover over a hyperlink in the email (don’t click) you’ll see the actual URL you’ll be taken to if you click that link. If the link they claim to be sending you to doesn’t match the actual hyperlink, that’s a red flag and you should avoid clicking.
3. Unexpected attachments: Be wary of email attachments that you weren’t expecting. Especially if the email seems vague or suspicious.
4. Personal information requests: No reputable business should be asking you to email your social security number, or other personal information. If you get an email like this, it is almost always not from the actual company.
5. Double check verification emails: If you suddenly get a verification email you aren’t expecting, be wary. If you click a phishing link from a fake verification email and enter your sign in details, an attacker will gain access to your email and password.
6. Independently verify: If you get an email that sounds real but aren’t certain, you can always call the company or email them in a separate thread to their publicly available email address to confirm the message.

I hope both this practical information and the emotional side of what to watch out for with phishing attacks helps you keep your email and other accounts secure.